Securing, maintaining, monitoring and controlling one or more computer networks, as well as the systems in those networks, is a difficult task, especially in an enterprise. System and network administrators who must constantly secure, maintain, monitor and control their networks, and also secure, maintain, monitor and control every system on those networks, may be overwhelmed.
Securing computer networks and their systems is difficult because of internal and external threats. Internal threats are the greatest danger to computer security. It is estimated that eighty percent of security problems have internal causes. Internal causes may be many and varied. For example, disgruntled employees can wreak havoc on computer networks and their systems. Security problems do not have to be caused by intentional acts, either. Careless employees can damage and destroy networks and their systems.
The remaining twenty percent of security problems have external causes. These external problems may be many and varied as well; for example, viruses and hackers constitute an all-too-real threat to computer networks and their systems.
Maintaining computer networks and their systems is difficult because of the complicated and intertwined nature of computer networks. Voluminous files, multiple platforms, lack of standardization among vendors, frequent conflicts among software, maintaining updates, etc., can cause all sorts of difficulties for computer network and system maintenance.
Securing, maintaining, monitoring and controlling computer networks and their systems is complicated by the difficulty of tracking any network and/or system problems. A network administrator may simply be unable to locate the problem because of the complicated and intertwined nature of modern computer networks. Finding an internal security threat, such as a malicious employee who uses another employee's system to corrupt systems and/or the network, may be impossible.
Security threats are constantly changing. New security vulnerabilities are constantly being discovered in system and network software, and may be exploited by employees or others. New viruses are constantly being written and released. Systems and networks can usually be protected against newly discovered vulnerabilities and viruses only after the vulnerability or virus is recognized. It is sometimes possible to guard against vulnerabilities or viruses by attempting to recognize threatening characteristics, such as telltale behavior, code sequences and the like; however, this type of detection (usually referred to as "heuristic detection") is limited and not always accurate. Thus, frequent updates of security mechanisms, such as installing system and network patches, updating virus definitions regularly, etc., are necessary.
There are various tools in the prior art that attempt to secure, maintain, monitor and control systems and networks. These tools suffer from many deficiencies. First, they are usually not designed to perform all the functions of securing, maintaining, monitoring and controlling systems and networks, so the user must obtain and install a separate tool for each function. Next, the tools may themselves bring their own set of security, maintenance and other problems to the network or its systems, as might be the case when an antivirus program conflicts with a network monitoring program. Moreover, maintaining the tools themselves can become a separate system and network chore, as the tools must constantly be updated to deal with newly discovered security threats.
The majority of system and network protection and maintenance tools also lack platform independence. That is, they are often designed to interface with one particular platform or operating system. Because each tool is limited to a particular operating system, protection across different platforms, such as might occur in an enterprise with UNIX, Windows, and mainframe platforms, may become very complicated.
Accordingly, it is an object of the present invention to provide methods, apparatus and articles of manufacture that secure, maintain, monitor and control computer networks, including systems in networks.
It is a further object of the present invention to provide methods, apparatus and articles of manufacture that secure, maintain, monitor and control computer networks, including systems in networks, without needing frequent updates.
It is a further object of the present invention to provide methods, apparatus and articles of manufacture that secure, maintain, monitor and control computer networks, including systems in networks, across a variety of platforms.